package br.com.usjt.locadoraweb.dao;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import br.com.usjt.locadoraweb.model.*;

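/**
 * Data-access object that checks a user name / password pair against the
 * {@code login} table.
 */
public class LoginDAO {

	/**
	 * Credential lookup with bound parameters. The placeholders must stay
	 * unquoted: a quoted {@code '?'} is a string literal, not a parameter, and
	 * the driver then has nothing to bind. Columns are named explicitly so the
	 * result does not depend on the table's column order.
	 */
	private static final String SQL_FIND_LOGIN =
			"SELECT usuario, senha FROM login WHERE usuario = ? AND senha = ?";

	public LoginDAO() {

	}

	/**
	 * Reports whether a row in {@code login} matches the given credentials.
	 *
	 * <p>Both values reach the database only as bound parameters, so they are
	 * always treated as data and can never alter the structure of the query.
	 * The method fails closed: a {@code null} argument, no matching row, or any
	 * exception while talking to the database yields {@code false}.
	 *
	 * @param user     the user name supplied by the caller (untrusted input)
	 * @param password the password supplied by the caller (untrusted input)
	 * @return {@code true} only when a row exists whose {@code usuario} and
	 *         {@code senha} are exactly equal to the supplied values
	 */
	public boolean searchUser(String user, String password) {
		// Missing credentials can never authenticate; decide before touching the database.
		if (user == null || password == null) {
			return false;
		}

		// NOTE(review): the query compares senha directly with the supplied password,
		// which suggests passwords are stored in plaintext. Store a salted password
		// hash (bcrypt/scrypt/argon2) and verify against that instead - confirm schema.
		try {
			AcessoBD bd = new AcessoBD();
			// NOTE(review): ownership of this connection is not visible from here, so it
			// is left open as before; close it too if obtemConexao() opens a new
			// connection on every call, otherwise each login attempt leaks one.
			Connection conn = bd.obtemConexao();

			// try-with-resources closes the ResultSet and the statement on every path.
			try (PreparedStatement stm = conn.prepareStatement(SQL_FIND_LOGIN)) {
				stm.setString(1, user);
				stm.setString(2, password);

				try (ResultSet rs = stm.executeQuery()) {
					if (!rs.next()) {
						return false;
					}
					// Re-check with exact equality: the database comparison may be looser
					// than Java's (for example a case-insensitive collation), and a
					// substring test would accept values that merely contain the input.
					return user.equals(rs.getString("usuario"))
							&& password.equals(rs.getString("senha"));
				}
			}
		} catch (Exception e) {
			// Fail closed: an error must never be reported as a successful login.
			e.printStackTrace();
			return false;
		}
	}
}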
